How to allow iFrames
Problem
<iframe>
elements are removed from self-service articles and other user generated content.
Cause
This is a security feature to prevent cross-site scripting (XSS) attacks.
Resolution
By default we whitelist a number of domains that are permitted to use iframe
. Follow the below
steps to add your domain to the whitelist:
- Create or edit the following file:
config/production/purifier.php
-
Add your domain to the value of URI.SafeIframeRegexp - replace
your-domain-here
below (do not include http://)<?php return array( "settings" => array( "default" => array( "URI.SafeIframeRegexp" => "%^(http://|https://|//)(www.youtube.com/embed/|player.vimeo.com/video/|your-domain-here)%", ), ), );